package com.fingard.dsp.linksecure;

import com.fingard.FGBiz;
import com.fingard.crypto.SignEncryptHelper;
import com.fingard.dsp.DSPSet;
import com.fingard.io.FileHelper;
import com.fingard.text.StringHelper;
import com.fingard.xml.XmlTextReader;

import java.io.File;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.HashMap;
import java.util.Map;

/**
 * Created by F on 2020/3/30.
 */
public class CertConfig {
    public Map<String,PublicKey> custCerMap = new HashMap<String, PublicKey>();

    public PublicKey ownPubKey = null;
    //map<客户号，map<日期，密钥>>
    public Map<String,Map<String,String>> aesKeyMap = new HashMap<String, Map<String,String>>();

    public PrivateKey ownPriKey =null;

    public  CertConfig InitCertConfig() throws Exception{
        String proCfgFile = FGBiz.dspCenter.rootDirPath + File.separator + "config" + File.separator + "certificate.xml";
        CertConfig proConfig = new CertConfig();
        proConfig.loadConfig(proCfgFile);
        return proConfig;
    }

    public void loadConfig(String p_filePath) throws Exception{
        File tmpFile = new File(p_filePath);
        if (tmpFile.exists()) {
            String strXml = FileHelper.readToString(tmpFile, "utf-8");

            XmlTextReader cfgXmlReader = new XmlTextReader(strXml);
            int serversize =0;
            while (cfgXmlReader.read("/config/ServerCert")){
                if(cfgXmlReader.readedXElement.getAttrValueAsBool("enable")){

                    String filePath = DSPSet.replaceFilePath(cfgXmlReader.readedXElement.getSingleText("filename"));
                    String alias = cfgXmlReader.readedXElement.getSingleText("alias");
                    String pwd = cfgXmlReader.readedXElement.getSingleText("password");
                    if(FileHelper.existFile(filePath)){
                        KeyStore keyStore = SignEncryptHelper.getKey(filePath,pwd);
                        if(StringHelper.hasAnyChar(alias)){
                            ownPriKey = SignEncryptHelper.getPrivateKey(keyStore,alias,pwd);
                            ownPubKey = SignEncryptHelper.getPublicKey(keyStore);
                        }else {
                            ownPriKey = SignEncryptHelper.getPrivateKey(keyStore,pwd);
                            ownPubKey = SignEncryptHelper.getPublicKey(keyStore);
                        }
                        serversize ++;
                    }
                }
            }
            if(serversize==0){
                throw new Exception("文件【config/certificate.xml】的ServerCert节点必须开启并且只能开启一个");
            }else if(serversize!=1){
                throw new Exception("文件【config/certificate.xml】的ServerCert节点只能开启一个");
            }else {
                FGBiz.startLog.addToLimit("BankServer", "服务器证书加载完成");
            }
            cfgXmlReader.backToTop();
            while(cfgXmlReader.read("/config/CustomCertSet/item")){
                if(cfgXmlReader.readedXElement.getAttrValueAsBool("enable")){
                   String tenant = cfgXmlReader.readedXElement.getSingleText("tenant");
                   String name = cfgXmlReader.readedXElement.getSingleText("name");
                   String fileName = DSPSet.replaceFilePath(cfgXmlReader.readedXElement.getSingleText("filename"));
                    if(StringHelper.hasAnyChar(fileName)) {
                        PublicKey publicKey = SignEncryptHelper.getPubKeyByCerFile(fileName);
                        custCerMap.put(tenant,publicKey);
                        FGBiz.startLog.addToLimit("", "已加载客户端证书："+tenant+"-"+name);
                    }
                }
            }
        }
    }
}
